Some hosts, like CloudWays, limit direct web access to .php files. This may also happen if you are using a security–enhanced .htaccess file, e.g. one created with our plugin Admin Tools for WordPress.
You need to allow access to the following .php files on your
site to use Akeeba Backup and/or restore a backup. We also explain
what each files does. Please note that all paths are given relative to
your site's root and we assume that you have installed Akeeba Backup
for WordPress in the directory
wp-content/plugins/akeebabackupwp (that's the
default when you use WordPress' upload and install feature in the
Plugins page).
wp-content/plugins/akeebabackupwp/app/restore.php-
Used to restore a backup from inside the Akeeba Backup for WordPress plugin.
Enabling direct web access to this file is perfectly safe. This file is by default “locked” and doesn't do anything. During restoration we create a file called
restoration.phpin the same folder with information about which backup archive to restore and a password that the browser needs to communicate for the extraction to take place. wp-content/plugins/akeebabackupwp/app/index.php-
Used to communicate with the Akeeba Backup JSON API.
This is a feature only available in Akeeba Backup Professional for WordPress. It's used to take and manage backups remotely with third party services (e.g. Watchful) or Akeeba Remote CLI.
![[Note]](/media/com_docimport/admonition/note.png)
Note As of Akeeba Backup for WordPress 7.7 it's recommended to use the wp-admin/admin-ajax.php endpoint instead which is already allowed on all hosts. Therefore you will not need to whitelist this index.php file unless you have an older version of Akeeba Backup and/or are using an older JSON API client service or software.
wp-content/plugins/akeebabackupwp/app/remote.php-
Same as the previous file.
remote.php was used instead of index.php in older versions of Akeeba Remote CLI and older implementations of the Akeeba Remote CLI client in third party services. It's okay if you don't allow access to this file; modern versions of Akeeba Remote CLI and third party services will use the index.php file instead.
kickstart.php-
Used when restoring a backup manually (you don't have access to wp-admin) or when transferring a site using the Site Transfer Wizard in Akeeba Backup for WordPress.
The kickstart.php file is responsible for extracting the backup archive when performing a manual restoration. Moreover, it's used to confirm the settings of a remote host and facilitate the transfer of larger backup archives to remote hosts when using the Site Transfer Wizard feature in Akeeba Backup for WordPress.
installation/index.php-
Used when restoring a backup.
After the backup archive is extracted — either by restore.php when using the integrated restoration or by kickstart.php when you do either a manual restoration or use the Site Transfer Wizard — you are redirected to the actual restoration script (ANGIE) which restores your site's database, reconfigures your site, handles serialised data and adjusts your site's .htaccess file. The restoration script is part of the backup archive itself and is extracted in the installation directory. The only directly executable .php file in that folder is the index.php file which is why you need to allow it to be accessed to complete the restoration of your site.